(* Goal verification framework - Mental States *) \ \This theory introduces mental states and mental state formulas. The syntax and semantics of mental state formulas is defined. A proof system for mental state formulas is proved sound.\ theory Gvf_Mental_States imports Gvf_Logic begin section \Properties of mental states\ \ \We set up a type for mental states.\ type_synonym mental_state = \(\\<^sub>L list \ \\<^sub>L list)\ \ \A mental state is a tuple of sets of propositional logic formulas.\ \ \The definition filters those elements that are 'tuples of sets of propositional logic formulas'. Not all elements of this type are in fact mental states: a number of restrictions apply.\ definition is_mental_state :: \mental_state \ bool\ (\\\) where \\ M \ let (\, \) = M in \ \Pattern matching to have variables for belief and goal base.\ \ \ \<^bold>\\<^sub>P \<^bold>\ \ \\ is consistent.\ \ (\\\set \. \ \for all goals \ \ \:\ \ \ \<^bold>\\<^sub>P \ \ \(i) \ is not entailed by the agent's beliefs,\ \ \ \\<^sub>P (\<^bold>\ \))\ \ \(ii) \ is consistent.\ \ \Note that the subgoal property for goals is missing. It will be defined in the semantics.\ \ \Every member (of the goal set) must be weaker than \, but not weaker than any belief \.\ lemma \\ (\, \) \ (\\\set \. \\<^sub>P (\<^bold>\ \<^bold>\ \) \ \ (\\\set \. \\<^sub>P (\ \<^bold>\ \)))\ unfolding is_mental_state_def by fastforce section \Syntax of mental state formulas\ \ \Atoms are now the special belief and goal modalities.\ datatype Atom\<^sub>M = Bl \\<^sub>L | Gl \\<^sub>L \ \We now use a more complex type for atoms compared to simply natural numbers. Bl and Gl are the constructors taking a propositional logic formula as input. We introduce a nicer syntax below that hides the nesting of constructors.\ \ \We set up a type for mental state formulas.\ type_synonym \\<^sub>M = \Atom\<^sub>M \\<^sub>P\ \ \We instantiate the general logic parsing the type for atoms.\ abbreviation \B \ \ Atom (Bl \)\ abbreviation \G \ \ Atom (Gl \)\ section \Semantics\ \ \Semantics of atoms for mental state formulas is derived given a mental state.\ fun semantics\<^sub>M' :: \mental_state \ Atom\<^sub>M \ bool\ (infix \\\<^sub>M*\ 50) where \ \Does the belief base entail \?\ \(\, _) \\<^sub>M* Bl \ = (\ \<^bold>\\<^sub>P \)\ | \ \Is \ not entailed by the belief base and a (sub)goal?\ \(\, \) \\<^sub>M* Gl \ = (\ \ \<^bold>\\<^sub>P \ \ (\\\set \. \\<^sub>P (\ \<^bold>\ \)))\ \ \Semantics of formulas.\ abbreviation semantics\<^sub>M :: \mental_state \ \\<^sub>M \ bool\ (infix \\\<^sub>M\ 50) where \M \\<^sub>M \ \ semantics\<^sub>P (semantics\<^sub>M' M) \\ \ \The semantics for atoms, given a mental state, matches the type for an interpretation. The curried function is parsed on to the general semantics as an interpretation which allows reuse of the existing definition.\ \ \Examples.\ lemma \([\], []) \\<^sub>M B \\ by simp lemma \([ Atom ''0'' ], [ Atom ''2'' ]) \\<^sub>M G (Atom ''1'' \<^bold>\ Atom ''2'')\ (is \([ ?R ], [ ?Q ]) \\<^sub>M G (?P \<^bold>\ ?Q)\) proof - have \?R \ ?Q\ by simp have \\ [ ?R ] \<^bold>\\<^sub>P ?P \<^bold>\ ?Q\ proof assume \[ ?R ] \<^bold>\\<^sub>P ?P \<^bold>\ ?Q\ then have \\f. semantics\<^sub>P f ?R \ semantics\<^sub>P f (?P \<^bold>\ ?Q)\ by auto moreover have \\f. \ (semantics\<^sub>P f ?R \ semantics\<^sub>P f (?P \<^bold>\ ?Q))\ proof let ?f = \(\_. True)(''0'' := True, ''1'' := True, ''2'' := False)\ show \\ (semantics\<^sub>P ?f ?R \ semantics\<^sub>P ?f (?P \<^bold>\ ?Q))\ by simp qed ultimately show False by auto qed then show ?thesis by simp qed section \Various proofs\ \ \An agent cannot have a goal to achieve a tautology.\ lemma \\ M \ \ M \\<^sub>M G \<^bold>\\ unfolding is_mental_state_def by auto \ \An agent does not have inconsistent beliefs/goals.\ lemma not_modal_False: \\ M \ M \\<^sub>M \<^bold>\ (B \<^bold>\)\ \\ M \ M \\<^sub>M \<^bold>\ (G \<^bold>\)\ unfolding is_mental_state_def by fastforce+ lemma bel_dist_conj: \M \\<^sub>M B (\ \<^bold>\ \) \ M \\<^sub>M B \ \ M \\<^sub>M B \\ using semantics\<^sub>M'.elims(2) by fastforce lemma is_mst_negB: \\M \ M \\<^sub>M B (\<^bold>\ \) \ M \\<^sub>M \<^bold>\ (B \)\ unfolding is_mental_state_def by fastforce \ \Properties of the goal modality.\ lemma G_properties: shows \\ (\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M G (\ \<^bold>\ \) \<^bold>\ G \ \<^bold>\ G \)\ and \\ (\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M G (\ \<^bold>\ (\ \<^bold>\ \)) \<^bold>\ G \)\ and \\ (\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M G \ \<^bold>\ G \ \<^bold>\ G (\ \<^bold>\ \))\ and \\\<^sub>P (\ \<^bold>\ \) \ \ (\, \) \ (\, \) \\<^sub>M G \ \<^bold>\ G \\ proof - let ?\ = \Atom ''0''\ and ?\ = \Atom ''1''\ show \\ (\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M G (\ \<^bold>\ \) \<^bold>\ G \ \<^bold>\ G \)\ proof assume *: \\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M G (\ \<^bold>\ \) \<^bold>\ G \ \<^bold>\ G \\ \ \Counter example.\ moreover have \\\ \ \ \. \ (\, \) \ \ (\, \) \\<^sub>M G (\ \<^bold>\ \) \<^bold>\ G \ \<^bold>\ G \\ proof - let ?\ = \[]\ and ?\ = \[ ?\ \<^bold>\ ?\, ?\ ]\ have \?\ \ ?\\ by simp then have \\ (?\, ?\) \\<^sub>M G (?\ \<^bold>\ ?\) \<^bold>\ G ?\ \<^bold>\ G ?\\ by auto moreover have \\ (?\, ?\)\ unfolding is_mental_state_def by auto ultimately show ?thesis by blast qed ultimately show False by blast qed show \\ (\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M G (\ \<^bold>\ (\ \<^bold>\ \)) \<^bold>\ G \)\ proof assume *: \\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M G (\ \<^bold>\ (\ \<^bold>\ \)) \<^bold>\ G \\ \ \Counter example.\ let ?\ = \[ ?\ ]\ and ?\ = \[ ?\ \<^bold>\ (?\ \<^bold>\ ?\) ]\ have \\ (?\, ?\) \\<^sub>M G (?\ \<^bold>\ (?\ \<^bold>\ ?\)) \<^bold>\ G ?\\ by auto moreover have \\ (?\, ?\)\ unfolding is_mental_state_def by auto ultimately show False using * by blast qed show \\ (\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M G \ \<^bold>\ G \ \<^bold>\ G (\ \<^bold>\ \))\ proof assume *: \\\ \ \ \. \ (\, \) \ (\, \) \\<^sub>M (G \) \<^bold>\ (G \) \<^bold>\ G (\ \<^bold>\ \)\ \ \Counter example.\ let ?\ = \[]\ and ?\ = \[ ?\, ?\ ]\ have \\ (?\, ?\) \\<^sub>M (G ?\) \<^bold>\ (G ?\) \<^bold>\ G (?\ \<^bold>\ ?\)\ by auto moreover have \\ (?\, ?\)\ unfolding is_mental_state_def by auto ultimately show False using * by blast qed next show \\\<^sub>P (\ \<^bold>\ \) \ \ (\, \) \ (\, \) \\<^sub>M G \ \<^bold>\ G \\ proof assume \\\<^sub>P (\ \<^bold>\ \) \ then have *: \\ \<^bold>\\<^sub>P \ \ \ \<^bold>\\<^sub>P \\ by auto show \\ (\, \) \ (\, \) \\<^sub>M G \ \<^bold>\ G \\ proof assume \\ (\, \)\ then have \\\\set \. \ \ \<^bold>\\<^sub>P \ \ \ \\<^sub>P (\<^bold>\ \)\ unfolding is_mental_state_def by simp with \\\<^sub>P (\ \<^bold>\ \)\ have \(\\\set \. \\<^sub>P (\ \<^bold>\ \)) \ (\\\set \. \\<^sub>P (\ \<^bold>\ \))\ by fastforce with * show \(\, \) \\<^sub>M G \ \<^bold>\ G \\ by simp qed qed qed section \Provability\ inductive gen\<^sub>M :: \Atom\<^sub>M gen_rules\ where R\<^sub>M_B: \\\<^sub>P \ \ B \ \ set \ \ gen\<^sub>M \ \\ | A1\<^sub>M: \B (\ \<^bold>\ \) \<^bold>\ B \ \<^bold>\ B \ \ set \ \ gen\<^sub>M \ \\ | A2\<^sub>M: \\<^bold>\ (B \<^bold>\) \ set \ \ gen\<^sub>M \ \\ | A3\<^sub>M: \\<^bold>\ (G \<^bold>\) \ set \ \ gen\<^sub>M \ \\ | A4\<^sub>M: \B \ \<^bold>\ \<^bold>\ (G \) \ set \ \ gen\<^sub>M \ \\ | A5\<^sub>M: \\\<^sub>P (\ \<^bold>\ \) \ \<^bold>\ (B \) \<^bold>\ G \ \<^bold>\ G \ \ set \ \ gen\<^sub>M \ \\ abbreviation derive\<^sub>M_multi :: \\\<^sub>M list \ \\<^sub>M list \ bool\ (infix \\\<^sub>M#\ 40) where \\ \\<^sub>M# \ \ gen_sc (Some gen\<^sub>M) \ \\ abbreviation derive\<^sub>M :: \\\<^sub>M \ bool\ (\\\<^sub>M _\ 40) where \\\<^sub>M \ \ [] \\<^sub>M# [ \ ]\ lemma A4x: \\\<^sub>M G \ \<^bold>\ \<^bold>\ (B \)\ proof - from A4\<^sub>M have \gen\<^sub>M [] [B \ \<^bold>\ \<^bold>\ (G \)]\ by simp then have \\\<^sub>M B \ \<^bold>\ \<^bold>\ (G \)\ by (simp add: Gen) moreover from neg_imp have \\\<^sub>M (B \ \<^bold>\ \<^bold>\ (G \)) \<^bold>\ G \ \<^bold>\ \<^bold>\ (B \)\ using gen_sc_None by fastforce ultimately show ?thesis using gen_sc_mp by auto qed \ \Example.\ lemma \\\<^sub>M B \ \<^bold>\ \<^bold>\ (B \)\ (is \\\<^sub>M ?P \<^bold>\ \<^bold>\ ?P\) proof - from R_Or have \\\<^sub>P ?P \<^bold>\ \<^bold>\ ?P\ if \[] \\<^sub>P# [ ?P, \<^bold>\ ?P ]\ using that by blast with R_Shift have \\\<^sub>P ?P \<^bold>\ \<^bold>\ ?P\ if \[] \\<^sub>P# [ \<^bold>\ ?P, ?P ]\ using that by force with R_Neg have \\\<^sub>P ?P \<^bold>\ \<^bold>\ ?P\ if \[ ?P ] \\<^sub>P# [ ?P ]\ using that by auto with Axiom have \\\<^sub>P ?P \<^bold>\ \<^bold>\ ?P\ by force with gen_sc_None show ?thesis by auto qed section \Soundness\ \ \For the soundness theorem we assume the mental state properties for M.\ lemma soundness\<^sub>_gen\<^sub>M: assumes \\ M\ shows \gen\<^sub>M \ \ \ \\ \ set \. M \\<^sub>M \ \ \\ \ set \. M \\<^sub>M \\ proof (induct rule: gen\<^sub>M.induct) case (R\<^sub>M_B \ \ \) then have \\M. \M \ M \\<^sub>M (B \) \ B \ \ set \\ by simp with assms show ?case by blast next case (A1\<^sub>M \ \ \ \) moreover have \\M. \M \ M \\<^sub>M (B (\ \<^bold>\ \) \<^bold>\ B \ \<^bold>\ B \)\ by simp ultimately show ?case using assms by blast next case (A2\<^sub>M \ \) moreover have \M \\<^sub>M (\<^bold>\ (B \<^bold>\))\ using not_modal_False(1) assms by simp ultimately show ?case by fastforce next case (A3\<^sub>M \ \) moreover have \M \\<^sub>M (\<^bold>\ (G \<^bold>\))\ using not_modal_False(2) assms by simp ultimately show ?case by fastforce next case (A4\<^sub>M \ \ \) moreover have \\M. \M \ M \\<^sub>M (B \ \<^bold>\ \<^bold>\ (G \))\ by simp ultimately show ?case using assms by blast next case (A5\<^sub>M \ \ \ \) then have \\\<^sub>P (\ \<^bold>\ \) \ \<^bold>\ (B \) \<^bold>\ G \ \<^bold>\ G \ \set \\ by fastforce then have \\M. \M \ M \\<^sub>M (\<^bold>\ (B \) \<^bold>\ G \ \<^bold>\ G \) \ \<^bold>\ (B \) \<^bold>\ G \ \<^bold>\ G \ \set \\ by auto with assms show ?case by blast qed lemma soundness\<^sub>M': assumes \\ M\ shows \gen_sc R \ \ \ R = Some gen\<^sub>M \ \\ \ set \. M \\<^sub>M \ \ \\ \ set \. M \\<^sub>M \\ proof (induct rule: gen_sc.induct) case (Gen R \ \) with soundness\<^sub>_gen\<^sub>M show ?case using assms by simp qed auto theorem soundness\<^sub>M: \\ M \ \\<^sub>M \ \ M \\<^sub>M \\ using soundness\<^sub>M' by fastforce end